helmet - npm Package Compare versions

Comparing version 6.1.0 to 6.1.1

CHANGELOG.md

 # Changelog
 
+## 6.1.1 - 2023-04-08
+
+### Fixed
+
+- Fixed missing package metadata
+
 ## 6.1.0 - 2023-04-08
@@ -4,0 +10,0 @@

package.json

 {
 	"name": "helmet",
-	"version": "6.1.0",
+	"description": "help secure Express/Connect apps with various HTTP headers",
+	"version": "6.1.1",
 	"author": "Adam Baldwin <adam@npmjs.com> (https://evilpacket.net)",
@@ -18,2 +19,11 @@ "contributors": [
 	"license": "MIT",
+	"keywords": [
+		"express",
+		"security",
+		"headers",
+		"backend"
+	],
+	"engines": {
+		"node": ">=14.0.0"
+	},
 	"exports": {
@@ -20,0 +30,0 @@ ".": {

README.md

@@ -13,8 +13,8 @@ # Helmet
 ```js
-const express = require("express")
-const helmet = require("helmet")
+const express = require("express");
+const helmet = require("helmet");
 
-const app = express()
+const app = express();
 
-app.use(helmet())
+app.use(helmet());
 
@@ -27,7 +27,7 @@ // ...
 ```js
-import helmet from "helmet"
+import helmet from "helmet";
 
-const app = express()
+const app = express();
 
-app.use(helmet())
+app.use(helmet());
 ```
@@ -58,6 +58,6 @@
 app.use(
-	helmet({
-		referrerPolicy: {policy: "no-referrer"}
-	})
-)
+  helmet({
+    referrerPolicy: { policy: "no-referrer" },
+  })
+);
 ```
@@ -70,6 +70,6 @@
 app.use(
-	helmet({
-		contentSecurityPolicy: false
-	})
-)
+  helmet({
+    contentSecurityPolicy: false,
+  })
+);
 ```
@@ -86,28 +86,28 @@
 ```js
-import helmet from "helmet"
+import helmet from "helmet";
 
 // ...
 
-app.use(helmet())
+app.use(helmet());
 ```
 
 ```js
-import * as helmet from "helmet"
+import * as helmet from "helmet";
 
 // ...
 
-app.use(helmet.contentSecurityPolicy())
-app.use(helmet.crossOriginEmbedderPolicy())
-app.use(helmet.crossOriginOpenerPolicy())
-app.use(helmet.crossOriginResourcePolicy())
-app.use(helmet.dnsPrefetchControl())
-app.use(helmet.frameguard())
-app.use(helmet.hidePoweredBy())
-app.use(helmet.hsts())
-app.use(helmet.ieNoOpen())
-app.use(helmet.noSniff())
-app.use(helmet.originAgentCluster())
-app.use(helmet.permittedCrossDomainPolicies())
-app.use(helmet.referrerPolicy())
-app.use(helmet.xssFilter())
+app.use(helmet.contentSecurityPolicy());
+app.use(helmet.crossOriginEmbedderPolicy());
+app.use(helmet.crossOriginOpenerPolicy());
+app.use(helmet.crossOriginResourcePolicy());
+app.use(helmet.dnsPrefetchControl());
+app.use(helmet.frameguard());
+app.use(helmet.hidePoweredBy());
+app.use(helmet.hsts());
+app.use(helmet.ieNoOpen());
+app.use(helmet.noSniff());
+app.use(helmet.originAgentCluster());
+app.use(helmet.permittedCrossDomainPolicies());
+app.use(helmet.referrerPolicy());
+app.use(helmet.xssFilter());
 ```
@@ -124,3 +124,3 @@
 // Includes all 15 middlewares
-app.use(helmet())
+app.use(helmet());
 ```
@@ -133,6 +133,6 @@
 app.use(
-	helmet({
-		frameguard: false
-	})
-)
+  helmet({
+    frameguard: false,
+  })
+);
 ```
@@ -145,8 +145,8 @@
 app.use(
-	helmet({
-		frameguard: {
-			action: "deny"
-		}
-	})
-)
+  helmet({
+    frameguard: {
+      action: "deny",
+    },
+  })
+);
 ```
@@ -196,56 +196,56 @@
 app.use(
-	helmet.contentSecurityPolicy({
-		directives: {
-			"script-src": ["'self'", "example.com"],
-			"style-src": null
-		}
-	})
-)
+  helmet.contentSecurityPolicy({
+    directives: {
+      "script-src": ["'self'", "example.com"],
+      "style-src": null,
+    },
+  })
+);
 
 // Sets "Content-Security-Policy: default-src 'self';script-src 'self' example.com;object-src 'none';upgrade-insecure-requests"
 app.use(
-	helmet.contentSecurityPolicy({
-		useDefaults: false,
-		directives: {
-			defaultSrc: ["'self'"],
-			scriptSrc: ["'self'", "example.com"],
-			objectSrc: ["'none'"],
-			upgradeInsecureRequests: []
-		}
-	})
-)
+  helmet.contentSecurityPolicy({
+    useDefaults: false,
+    directives: {
+      defaultSrc: ["'self'"],
+      scriptSrc: ["'self'", "example.com"],
+      objectSrc: ["'none'"],
+      upgradeInsecureRequests: [],
+    },
+  })
+);
 
 // Sets the "Content-Security-Policy-Report-Only" header instead
 app.use(
-	helmet.contentSecurityPolicy({
-		directives: {
-			/* ... */
-		},
-		reportOnly: true
-	})
-)
+  helmet.contentSecurityPolicy({
+    directives: {
+      /* ... */
+    },
+    reportOnly: true,
+  })
+);
 
 // Sets the `script-src` directive to "'self' 'nonce-e33ccde670f149c1789b1e1e113b0916'" (or similar)
 app.use((req, res, next) => {
-	res.locals.cspNonce = crypto.randomBytes(16).toString("hex")
-	next()
-})
+  res.locals.cspNonce = crypto.randomBytes(16).toString("hex");
+  next();
+});
 app.use(
-	helmet.contentSecurityPolicy({
-		directives: {
-			scriptSrc: ["'self'", (req, res) => `'nonce-${res.locals.cspNonce}'`]
-		}
-	})
-)
+  helmet.contentSecurityPolicy({
+    directives: {
+      scriptSrc: ["'self'", (req, res) => `'nonce-${res.locals.cspNonce}'`],
+    },
+  })
+);
 
 // Sets "Content-Security-Policy: script-src 'self'"
 app.use(
-	helmet.contentSecurityPolicy({
-		useDefaults: false,
-		directives: {
-			"default-src": helmet.contentSecurityPolicy.dangerouslyDisableDefaultSrc,
-			"script-src": ["'self'"]
-		}
-	})
-)
+  helmet.contentSecurityPolicy({
+    useDefaults: false,
+    directives: {
+      "default-src": helmet.contentSecurityPolicy.dangerouslyDisableDefaultSrc,
+      "script-src": ["'self'"],
+    },
+  })
+);
 
@@ -255,8 +255,8 @@ // Sets the `frame-ancestors` directive to "'none'"
 app.use(
-	helmet.contentSecurityPolicy({
-		directives: {
-			frameAncestors: ["'none'"]
-		}
-	})
-)
+  helmet.contentSecurityPolicy({
+    directives: {
+      frameAncestors: ["'none'"],
+    },
+  })
+);
 ```
@@ -283,6 +283,6 @@
 // Sets "Cross-Origin-Embedder-Policy: require-corp"
-app.use(helmet.crossOriginEmbedderPolicy())
+app.use(helmet.crossOriginEmbedderPolicy());
 
 // Sets "Cross-Origin-Embedder-Policy: credentialless"
-app.use(helmet.crossOriginEmbedderPolicy({policy: "credentialless"}))
+app.use(helmet.crossOriginEmbedderPolicy({ policy: "credentialless" }));
 ```
@@ -309,6 +309,8 @@
 // Sets "Cross-Origin-Opener-Policy: same-origin"
-app.use(helmet({crossOriginOpenerPolicy: true}))
+app.use(helmet({ crossOriginOpenerPolicy: true }));
 
 // Sets "Cross-Origin-Opener-Policy: same-origin-allow-popups"
-app.use(helmet({crossOriginOpenerPolicy: {policy: "same-origin-allow-popups"}}))
+app.use(
+  helmet({ crossOriginOpenerPolicy: { policy: "same-origin-allow-popups" } })
+);
 ```
@@ -320,9 +322,9 @@
 // Sets "Cross-Origin-Opener-Policy: same-origin"
-app.use(helmet.crossOriginOpenerPolicy())
+app.use(helmet.crossOriginOpenerPolicy());
 
 // Sets "Cross-Origin-Opener-Policy: same-origin-allow-popups"
-app.use(helmet.crossOriginOpenerPolicy({policy: "same-origin-allow-popups"}))
+app.use(helmet.crossOriginOpenerPolicy({ policy: "same-origin-allow-popups" }));
 
 // Sets "unsafe-none-Opener-Policy: unsafe-none"
-app.use(helmet.crossOriginOpenerPolicy({policy: "unsafe-none"}))
+app.use(helmet.crossOriginOpenerPolicy({ policy: "unsafe-none" }));
 ```
@@ -351,6 +353,6 @@
 // Sets "Cross-Origin-Resource-Policy: same-origin"
-app.use(helmet({crossOriginResourcePolicy: true}))
+app.use(helmet({ crossOriginResourcePolicy: true }));
 
 // Sets "Cross-Origin-Resource-Policy: same-site"
-app.use(helmet({crossOriginResourcePolicy: {policy: "same-site"}}))
+app.use(helmet({ crossOriginResourcePolicy: { policy: "same-site" } }));
 ```
@@ -362,9 +364,9 @@
 // Sets "Cross-Origin-Resource-Policy: same-origin"
-app.use(helmet.crossOriginResourcePolicy())
+app.use(helmet.crossOriginResourcePolicy());
 
 // Sets "Cross-Origin-Resource-Policy: same-site"
-app.use(helmet.crossOriginResourcePolicy({policy: "same-site"}))
+app.use(helmet.crossOriginResourcePolicy({ policy: "same-site" }));
 
 // Sets "Cross-Origin-Resource-Policy: cross-origin"
-app.use(helmet.crossOriginResourcePolicy({policy: "cross-origin"}))
+app.use(helmet.crossOriginResourcePolicy({ policy: "cross-origin" }));
 ```
@@ -400,15 +402,15 @@
 app.use(
-	helmet.expectCt({
-		maxAge: 86400
-	})
-)
+  helmet.expectCt({
+    maxAge: 86400,
+  })
+);
 
 // Sets "Expect-CT: max-age=86400, enforce, report-uri="https://example.com/report"
 app.use(
-	helmet.expectCt({
-		maxAge: 86400,
-		enforce: true,
-		reportUri: "https://example.com/report"
-	})
-)
+  helmet.expectCt({
+    maxAge: 86400,
+    enforce: true,
+    reportUri: "https://example.com/report",
+  })
+);
 ```
@@ -438,13 +440,13 @@
 app.use(
-	helmet.referrerPolicy({
-		policy: "no-referrer"
-	})
-)
+  helmet.referrerPolicy({
+    policy: "no-referrer",
+  })
+);
 
 // Sets "Referrer-Policy: origin,unsafe-url"
 app.use(
-	helmet.referrerPolicy({
-		policy: ["origin", "unsafe-url"]
-	})
-)
+  helmet.referrerPolicy({
+    policy: ["origin", "unsafe-url"],
+  })
+);
 ```
@@ -478,22 +480,22 @@
 app.use(
-	helmet.hsts({
-		maxAge: 123456
-	})
-)
+  helmet.hsts({
+    maxAge: 123456,
+  })
+);
 
 // Sets "Strict-Transport-Security: max-age=123456"
 app.use(
-	helmet.hsts({
-		maxAge: 123456,
-		includeSubDomains: false
-	})
-)
+  helmet.hsts({
+    maxAge: 123456,
+    includeSubDomains: false,
+  })
+);
 
 // Sets "Strict-Transport-Security: max-age=123456; includeSubDomains; preload"
 app.use(
-	helmet.hsts({
-		maxAge: 63072000,
-		preload: true
-	})
-)
+  helmet.hsts({
+    maxAge: 63072000,
+    preload: true,
+  })
+);
 ```
@@ -522,3 +524,3 @@
 // Sets "X-Content-Type-Options: nosniff"
-app.use(helmet.noSniff())
+app.use(helmet.noSniff());
 ```
@@ -545,3 +547,3 @@
 // Sets "Origin-Agent-Cluster: ?1"
-app.use(helmet.originAgentCluster())
+app.use(helmet.originAgentCluster());
 ```
@@ -571,13 +573,13 @@
 app.use(
-	helmet.dnsPrefetchControl({
-		allow: false
-	})
-)
+  helmet.dnsPrefetchControl({
+    allow: false,
+  })
+);
 
 // Sets "X-DNS-Prefetch-Control: on"
 app.use(
-	helmet.dnsPrefetchControl({
-		allow: true
-	})
-)
+  helmet.dnsPrefetchControl({
+    allow: true,
+  })
+);
 ```
@@ -606,3 +608,3 @@
 // Sets "X-Download-Options: noopen"
-app.use(helmet.ieNoOpen())
+app.use(helmet.ieNoOpen());
 ```
@@ -632,13 +634,13 @@
 app.use(
-	helmet.frameguard({
-		action: "deny"
-	})
-)
+  helmet.frameguard({
+    action: "deny",
+  })
+);
 
 // Sets "X-Frame-Options: SAMEORIGIN"
 app.use(
-	helmet.frameguard({
-		action: "sameorigin"
-	})
-)
+  helmet.frameguard({
+    action: "sameorigin",
+  })
+);
 ```
@@ -668,13 +670,13 @@
 app.use(
-	helmet.permittedCrossDomainPolicies({
-		permittedPolicies: "none"
-	})
-)
+  helmet.permittedCrossDomainPolicies({
+    permittedPolicies: "none",
+  })
+);
 
 // Sets "X-Permitted-Cross-Domain-Policies: by-content-type"
 app.use(
-	helmet.permittedCrossDomainPolicies({
-		permittedPolicies: "by-content-type"
-	})
-)
+  helmet.permittedCrossDomainPolicies({
+    permittedPolicies: "by-content-type",
+  })
+);
 ```
@@ -701,3 +703,3 @@
 // Removes the X-Powered-By header if it was set.
-app.use(helmet.hidePoweredBy())
+app.use(helmet.hidePoweredBy());
 ```
@@ -726,3 +728,3 @@
 // Sets "X-XSS-Protection: 0"
-app.use(helmet.xssFilter())
+app.use(helmet.xssFilter());
 ```
@@ -729,0 +731,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

87158

increased by0.62%

Number of lines in readme file

709

increased by0.28%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes